Blog

President Trump introduced his long-awaited Cybersecurity Executive Order last month. While some focused on its similarities to EO 13636 issued by the Obama administration more than four years earlier, we were more concerned with, and quite frankly, excited by, the fact that it (rightly) cast a renewed spotlight on the National Institute of Standards and Technology (NIST) Framework.

Developed in 2014, the NIST Framework “enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure.” According to NIST, “the Framework provides organization and structure to today’s multiple approaches to cybersecurity by assembling standards, guidelines, and practices that are working effectively in industry today.”

Notably, the new EO takes a holistic approach to improving critical infrastructure by leveraging the risk assessment and risk management principles of the NIST Framework. Built around five core functions – Identify, Protect, Detect, Respond and Recover – the NIST Framework is designed to enable agencies to gain a better understanding of their risk profiles and what may be preventing them from implementing risk mitigation best practices.

As champions of NIST, Forum Systems welcomes this news. We believe it’s (finally) time for government organizations to adopt its foundational principles. For our part, we have adhered to NIST from the very beginning, architecting our flagship Forum Sentry API Gateway according to its core tenets.

Security in Mind and By Design

Unlike other products, security was the fundamental design concept of Forum Sentry. While others were focused on features or integration (and then retrofitted security capabilities later on), we built our award-winning API Security Gateway from the ground up as a NIST security device. Today, we’re proud to say that Forum Sentry is the industry’s only API Security Gateway to have achieved FIPS 140-2 Level 2 and NIAP NDPP certification for enabling secure connectivity between users, applications, and the cloud.

Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cyber security event – e.g., an API Security Gateway features dynamic access control for ensuring continuity of communications from sources that are not deemed vulnerable.